0a77aebf6d8ebc91835f79f557d56330_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

0a77aebf6d8ebc91835f79f557d56330_NEAS
Size

721KB
MD5

0a77aebf6d8ebc91835f79f557d56330
SHA1

9d5bac9f95732dff8c82da165a58506a889cdc6a
SHA256

f73521bddb97bc8914ddcceebcab1ac23163beb90a125830da3a7189d9ede5f0
SHA512

22180c4b4b11380ab8cfb1efd35e43a587511cba0057a6ce9cf67cccf569b2fcba64e101d489ddd3a4d67b60c8ae5939c964e24fc952dbc797dcf816b06fa56d
SSDEEP

12288:Tfe+RJoioyl9iICK+xfDLXYfGDsh/95PavKS87Sfcqi4gPuC42EFnelRqeo+6yqV:Le+RJoMiS+xgeDkrPoKS87Sfcqi4gPuz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a77aebf6d8ebc91835f79f557d56330_NEAS

Files

0a77aebf6d8ebc91835f79f557d56330_NEAS
.dll windows:6 windows x86 arch:x86

d0ebb4b38afb040586fea99ed2aa417b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD\work\b69487f8af4577da\BUILDSENG\Release Static\x86\aswJsFlt.pdb

Imports

ntdll

RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlUnwind
ZwCreateEvent
RtlInitializeCriticalSection
RtlLeaveCriticalSection
ZwSetEvent
LdrLoadDll
LdrGetProcedureAddress
VerSetConditionMask
RtlCreateSecurityDescriptor
ZwOpenFile
RtlCreateAcl
ZwSetInformationFile
ZwCreateNamedPipeFile
RtlAddAccessAllowedAce
RtlLengthSid
ZwWriteFile
NtQueryInformationToken
RtlSetDaclSecurityDescriptor
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
ZwReadFile
ZwFsControlFile
ZwWaitForMultipleObjects
ZwResetEvent
ZwClose
ZwWaitForSingleObject

kernel32

GetProcAddress
LeaveCriticalSection
CloseHandle
DeleteCriticalSection
DeviceIoControl
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
GetLastError
OpenProcess
GetVersionExW
MapViewOfFile
UnmapViewOfFile
LocalFree
WaitForSingleObject
ReleaseMutex
GetCurrentProcess
GetCurrentProcessId
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCurrentThread
IsBadReadPtr
VirtualAlloc
VirtualProtect
VirtualFree
FlushInstructionCache
TlsGetValue
LocalAlloc
TlsSetValue
GetModuleFileNameW
GetTickCount
GetPrivateProfileStringW
ResetEvent
CreateThread
SetEvent
GetCurrentThreadId
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
EnumResourceNamesW
GetFullPathNameW
GetCommandLineW
TerminateProcess
GetFileType
SetHandleInformation
HeapFree
GetProcessHeap
lstrlenW
IsBadStringPtrW
IsBadWritePtr
ResumeThread
MultiByteToWideChar
OutputDebugStringW
ExitProcess
SuspendThread
GetThreadContext
SetThreadContext
VirtualQuery
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryExW
TlsFree
GetModuleHandleW
Sleep
InitializeCriticalSectionEx
DecodePointer
GetLongPathNameW
GetSystemInfo
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetShortPathNameW
GetFileAttributesW
GetSystemWindowsDirectoryW
HeapAlloc
WaitForMultipleObjects
GetProcessAffinityMask
HeapReAlloc
GlobalMemoryStatusEx
ReadFile
DeleteFileW
GetWindowsDirectoryW
GetTempFileNameW
FindClose
GetFileInformationByHandle
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
WideCharToMultiByte
CancelIo
GetStdHandle
RaiseException
CancelIoEx
GetOverlappedResult
VerifyVersionInfoW
FlushFileBuffers
GetSystemTimeAsFileTime
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsDebuggerPresent
GetModuleHandleA
HeapSize
GetTempPathW
CreateFileW
EnterCriticalSection
InitializeCriticalSection
InitializeSListHead
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
WriteConsoleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
GetPrivateProfileIntW
TlsAlloc
ProcessIdToSessionId
SetNamedPipeHandleState
WaitNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW

advapi32

AddAce
InitializeAcl
GetLengthSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
AllocateAndInitializeSid
OpenProcessToken
MakeSelfRelativeSD
GetSecurityDescriptorControl

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0ebb4b38afb040586fea99ed2aa417b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ole32

version

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 302KB - Virtual size: 301KB

.data Size: 7KB - Virtual size: 16KB

.detourc Size: 13KB - Virtual size: 13KB

.detourd Size: 512B - Virtual size: 36B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 57KB - Virtual size: 56KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 302KB - Virtual size: 301KB

.data
Size: 7KB - Virtual size: 16KB

.detourc
Size: 13KB - Virtual size: 13KB

.detourd
Size: 512B - Virtual size: 36B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 57KB - Virtual size: 56KB